Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
Description
Authlib is a Python library for building OAuth and OpenID Connect servers. Prior to version 1.6.9, a padding oracle vulnerability was identified in Authlib's implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registers RSA1_5 in its default algorithm registry without requiring an explicit opt-in, and its handling of the unwrapped key undoes the constant-time Bleichenbacher mitigation that the underlying cryptography library implements correctly. The issue has been patched in version 1.6.9.
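As an added example (not Authlib's own code), the stand-alone Python below models the registry rule the 1.6.9 fix introduces and applies it as a defender-side pre-check on a JWE compact token's protected header: with no explicit allowlist, a registered but deprecated `alg` such as RSA1_5 is refused, while an explicit allowlist (the role of the `_algorithms` list in the patched code) admits only the algorithms it names. The registry dict, the function names and the constructed dummy tokens are assumptions made for illustration.

```python
import base64
import json

# Toy model of the patched registry rule (added example, not Authlib code):
# every algorithm entry carries a "deprecated" flag, mirroring the fix's new
# `deprecated` attribute. RSA1_5 is the deprecated entry named in the advisory.
JWE_ALG_DEPRECATED = {
    "RSA1_5": True,
    "RSA-OAEP": False,
    "A256KW": False,
}

def _b64url_decode(segment):
    """Decode an unpadded base64url segment as used in JOSE compact form."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def protected_header(token):
    """Return the parsed protected header of a 5-segment JWE compact token."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("not a JWE compact serialization")
    return json.loads(_b64url_decode(parts[0]))

def select_alg(header, allowed=None):
    """Apply the post-fix rule: with no explicit allowlist, a registered but
    deprecated algorithm is refused; with an allowlist, only listed algorithms
    pass (so RSA1_5 needs an explicit opt-in). Raises ValueError otherwise."""
    alg = header.get("alg")
    if alg not in JWE_ALG_DEPRECATED:
        raise ValueError("unsupported or missing alg: %r" % (alg,))
    if allowed is None:
        if JWE_ALG_DEPRECATED[alg]:
            raise ValueError("alg %r is deprecated and disabled by default" % alg)
    elif alg not in allowed:
        raise ValueError("alg %r not in allowlist" % alg)
    return alg

def is_accepted(token, allowed=None):
    """Gate to run before handing a token to the JWE library."""
    try:
        select_alg(protected_header(token), allowed)
        return True
    except ValueError:
        return False

def make_token(alg, enc="A256GCM"):
    """Constructed test token: real header, dummy (non-decryptable) segments."""
    b64 = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    header = b64(json.dumps({"alg": alg, "enc": enc}).encode())
    return ".".join([header] + [b64(b"\x00")] * 4)
```

The gate rejects the RSA1_5 token by default and accepts it only when RSA1_5 is listed explicitly, which is exactly the behaviour change the patch makes to the library's default registry.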
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| authlib (PyPI) | < 1.6.9 | 1.6.9 |
Patches
48b345f29f6c fix(jose): remove deprecated algorithm from default registry
6 files changed · +21 −5
authlib/jose/rfc7515/jws.py+6 −2 modified@@ -261,12 +261,16 @@ def _prepare_algorithm_key(self, header, payload, key): raise MissingAlgorithmError() alg = header["alg"] - if self._algorithms is not None and alg not in self._algorithms: - raise UnsupportedAlgorithmError() if alg not in self.ALGORITHMS_REGISTRY: raise UnsupportedAlgorithmError() algorithm = self.ALGORITHMS_REGISTRY[alg] + if self._algorithms is None: + if algorithm.deprecated: + raise UnsupportedAlgorithmError() + elif alg not in self._algorithms: + raise UnsupportedAlgorithmError() + if callable(key): key = key(header, payload) key = algorithm.prepare_key(key)
authlib/jose/rfc7515/models.py+1 −0 modified@@ -5,6 +5,7 @@ class JWSAlgorithm: name = None description = None + deprecated = False algorithm_type = "JWS" algorithm_location = "alg"
authlib/jose/rfc7516/jwe.py+11 −3 modified@@ -697,11 +697,19 @@ def get_header_alg(self, header): raise MissingAlgorithmError() alg = header["alg"] - if self._algorithms is not None and alg not in self._algorithms: - raise UnsupportedAlgorithmError() if alg not in self.ALG_REGISTRY: raise UnsupportedAlgorithmError() - return self.ALG_REGISTRY[alg] + + instance = self.ALG_REGISTRY[alg] + + # use all ALG_REGISTRY algorithms + if self._algorithms is None: + # do not use deprecated algorithms + if instance.deprecated: + raise UnsupportedAlgorithmError() + elif alg not in self._algorithms: + raise UnsupportedAlgorithmError() + return instance def get_header_enc(self, header): if "enc" not in header:
authlib/jose/rfc7516/models.py+1 −0 modified@@ -9,6 +9,7 @@ class JWEAlgorithmBase(metaclass=ABCMeta): # noqa: B024 name = None description = None + deprecated = False algorithm_type = "JWE" algorithm_location = "alg"
authlib/jose/rfc7518/jwe_algs.py+1 −0 modified@@ -52,6 +52,7 @@ class RSAAlgorithm(JWEAlgorithm): def __init__(self, name, description, pad_fn): self.name = name + self.deprecated = name == "RSA1_5" self.description = description self.padding = pad_fn
authlib/jose/rfc7518/jws_algs.py+1 −0 modified@@ -27,6 +27,7 @@ class NoneAlgorithm(JWSAlgorithm): name = "none" description = "No digital signature or MAC performed" + deprecated = True def prepare_key(self, raw_data): return None
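Review bot: in the `_prepare_algorithm_key` hunk of authlib/jose/rfc7515/jws.py, the new `elif alg not in self._algorithms` branch skips the `deprecated` check whenever an explicit algorithm list is configured, so `none` stays usable for any caller that lists it. That is presumably the intended opt-in, but it should be documented in the changelog and in the docs for the algorithm list, since deployments that already pass an explicit list containing a deprecated name get no protection from this change and may assume they do.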
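Review bot: the `get_header_alg` hunk in authlib/jose/rfc7516/jwe.py repeats the registry lookup, `deprecated` check and allowlist check just added to jws.py verbatim. Consider a shared helper (for example `_check_algorithm(alg, instance)` on a common base) so the two decision paths cannot drift; an algorithm later flagged deprecated in one registry but missed in the other would silently reopen the default path. The two inline comments (`# use all ALG_REGISTRY algorithms`, `# do not use deprecated algorithms`) are useful and should be carried over to the jws.py copy as well.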
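Review bot: in the `RSAAlgorithm.__init__` hunk of authlib/jose/rfc7518/jwe_algs.py, `self.deprecated = name == "RSA1_5"` derives the flag from a string comparison on the instance, whereas `NoneAlgorithm` in jws_algs.py sets `deprecated = True` as a class attribute; prefer one mechanism (a `deprecated` constructor argument, or a dedicated RSA1_5 subclass) so the flag is visible where the algorithm is registered rather than hidden in the constructor. Note also that this hunk only changes default availability: the `pad_fn` unwrap path is untouched, so a deployment that explicitly enables RSA1_5 remains exposed to the padding-oracle behaviour the advisory describes, and the release notes should say so.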
References
- github.com/advisories/GHSA-7432-952r-cw78 (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-28490 (NVD entry)
- github.com/authlib/authlib/commit/48b345f29f6c459f11c6a40162b6c0b742ef2e22 (fix commit)
- github.com/authlib/authlib/releases/tag/v1.6.9 (patched release)
- github.com/authlib/authlib/security/advisories/GHSA-7432-952r-cw78 (repository advisory)